
Security Matters

While access to your admin area is protected by the requirement of your admin password, it is recommended for additional security that you rename your admin directory after installation. This way, it will be significantly harder for attackers to find your admin area or to attempt to break into it.

(Before making the following changes, make sure to have a current backup of your files and your database.)

You're going to do three steps: A) edit the configure.php settings and upload them, B) rename the admin folder, C) test login to the new folder. Details are below:

Zen Cart v1.5.x:

A - configure.php - If you are using v1.5.x, this file needs no changes: go straight to step B to rename the folder. If you are using v1.3.x, see the section below about v1.3.x, which explains how to edit this file properly in that case.

There is no need to alter the admin configure.php in v1.5.x when renaming your admin folder. Simply proceed to step B.

B - Rename the Admin folder

Using your FTP software or your webhost's File Manager, find your Zen Cart /admin/ directory. Rename the directory to the new name you chose in step A.

NOTE: DO NOT advertise this new folder name, else you defeat the entire purpose of renaming it. And DO NOT EVER put it in your robots.txt file!

C - Login to your admin using the new URL

To log in to your admin system you will now have to visit a new URL that matches the new name used in steps A and B above.

SSL Security Protection Tips

Without taking extra steps to secure your connection on the internet, you are working in an unsecured environment. Before you make administrative modifications to secure Zen Cart® and its database, you need to equip yourself with secure ways to make these modifications. Otherwise, if someone is watching/listening to the information you transmit, it might not be long before your private business information becomes public. The bare minimum you should have is access to shared SSL services from your hosting company.

The preferred would be to have a dedicated SSL certificate for your store, as it is more professional in appearance than the use of a shared certificate. There will be
...

Zen Cart's use of cookies is VERY simple: it only sets and retrieves an anonymous session cookie. Nothing more.
However, alterations added by the storeowner may behave differently, including but not limited to tracking addons, analytics scripts, tracking pixels, etc. Those are up to the storeowner to disclose.

DISCLAIMER: The following answers pertain to a webstore built with default Zen Cart code without any customizations, using only built-in features/modules/capabilities, in the default configuration. Any customizations you do to your store render these statements incomplete and require that
...

In older versions of Zen Cart (v1.3.0, 1.3.0.1, 1.3.0.2) there was a vulnerability in the code which was announced to the hacker world. Even though that has been fixed in subsequent versions, newbie hackers continue to attempt to find sites which still have the vulnerability, thus wasting your time and energy worrying about what they're up to. Their access attempts also waste some of your website server resources.

Additionally, there are a number of SQL Injection attacks floating around the internet which attempt to find holes to exploit in vulnerable systems. The current version of Zen Cart is inoculated against all such known vulnerabilities. Nevertheless, sometimes even
...

With Zen Cart® it is possible to relocate the "download" folder outside your webserver's "webroot" (the public_html or httpdocs or htdocs etc) folder so that thieves cannot directly link to real files on your server and download without paying or being authenticated.

To do this, you must:

Choose a download method of either "Download by Streaming" or "Download by Redirect" from Admin->Configuration->Attribute Settings. If you're using a Linux
...

In a Windows-hosting environment, when you create a virtual product using download attributes customers are able to download a product as much as they like by using the following as an example: www.websitename.co.uk/download/product.zip
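The "Download by Streaming" approach described above works because the web server never exposes the download folder at a URL: a script reads the file from a location outside the webroot and sends it to the customer. The following is an added example of such a streaming handler, written for this article and not taken from Zen Cart's own code. The folder path /home/store/downloads_private and the ?file= query parameter are assumptions, and the example assumes the caller has already checked that the customer is logged in and holds a valid purchase for the file.

```php
<?php
// Added example (not Zen Cart's own code): stream a purchased download from
// a folder that lives OUTSIDE the webroot, so nobody can fetch it by guessing
// a URL such as /download/product.zip.
//
// Assumptions (hypothetical, not from the original article):
//   - downloads are stored in /home/store/downloads_private, which is not
//     under public_html / httpdocs / htdocs
//   - the customer's login and purchase have already been validated before
//     this script is reached

declare(strict_types=1);

const DOWNLOAD_BASE = '/home/store/downloads_private';

/**
 * Resolve a requested file name to an absolute path inside DOWNLOAD_BASE.
 * Returns null if the name tries to escape the folder ("../../etc/passwd"),
 * resolves (via a symlink) to somewhere else, does not exist, or is not a
 * regular file. Only the last path component of the request is honoured.
 */
function resolve_download_path(string $requested, string $base = DOWNLOAD_BASE): ?string
{
    $name = basename($requested);
    if ($name === '' || $name === '.' || $name === '..') {
        return null;
    }

    $realBase  = realpath($base);
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($realBase === false || $candidate === false) {
        return null;
    }

    // realpath() has canonicalised any symlinks; confirm we are still inside base.
    if (strpos($candidate, $realBase . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }

    return is_file($candidate) ? $candidate : null;
}

/**
 * Send the file in fixed-size chunks so large archives are not read into
 * memory, with headers that force the browser to save it rather than render it.
 */
function stream_download(string $path, string $downloadName): void
{
    $safeName = str_replace(['"', "\r", "\n"], '', $downloadName);

    header('Content-Type: application/octet-stream');
    header('Content-Length: ' . filesize($path));
    header('Content-Disposition: attachment; filename="' . $safeName . '"');
    header('X-Content-Type-Options: nosniff');
    header('Cache-Control: private, no-store');

    $fh = fopen($path, 'rb');
    if ($fh === false) {
        http_response_code(500);
        return;
    }
    while (!feof($fh)) {
        echo fread($fh, 8192);
        flush();
    }
    fclose($fh);
}

// Hypothetical entry point: download.php?file=product.zip (after purchase checks).
$requested = $_GET['file'] ?? '';
$path = resolve_download_path($requested);
if ($path === null) {
    // Same response for "missing" and "rejected" so the folder cannot be probed.
    http_response_code(404);
    exit('Not found');
}
stream_download($path, basename($path));
```

The two checks in resolve_download_path() are what make the relocation effective: basename() discards any directory part of the request, and the realpath() prefix comparison catches symlinks that point back out of the private folder. Because the folder sits outside the webroot, a direct link like www.websitename.co.uk/download/product.zip returns nothing even on a misconfigured host, and the only way to the file is through this script and whatever purchase validation precedes it.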